package com.CmJava.config;

import com.CmJava.filter.LoginFilter;
import com.CmJava.handler.ChatLogoutHandler;
import com.CmJava.service.JwtService;
import com.alibaba.dubbo.config.annotation.Reference;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

@Configuration
@EnableWebSecurity
//@EnableWebSecurity(debug = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Autowired
    private PersistentTokenRepository persistentTokenRepository;

    @Reference
    private JwtService jwtService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        认证的工作交给userDetailsService去做
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //出现错误或权限不足返回的页面
        http.exceptionHandling()
                .accessDeniedPage("/deny.html");

        //注销登录后返回登陆页面
        http.logout().logoutUrl("/logout").logoutSuccessUrl("/login.html").
                addLogoutHandler(new ChatLogoutHandler(jwtService)).
                permitAll();


        // 设置自定义的登陆页面
        http.formLogin().loginPage("/login.html").
                loginProcessingUrl("/user/login").//表单提交的路径
                defaultSuccessUrl("/index.html").permitAll();//登陆成功跳转的路径

        // 自定义的授权认证授权过滤器和jwt验证过滤器。
        http.addFilterBefore(new LoginFilter(authenticationManager(),jwtService), UsernamePasswordAuthenticationFilter.class);

        //权限设置
        http.authorizeRequests().
                antMatchers("/login.html","/assets/**","/dist/**","deny.html","/user/login","/register").permitAll().//放行静态资源的访问
                antMatchers("/admin/**").hasAuthority("admin").//管理员页面的控制
                anyRequest().authenticated();//此外所有如今都要身份认证

        //记住我
        http.rememberMe().tokenRepository(persistentTokenRepository).
                tokenValiditySeconds(3600).//设置cookies的过期时间
                userDetailsService(userDetailsService);

        //关闭csrf验证
        http.csrf().disable();

    }

//    @Override
//    public void configure(WebSecurity web) throws Exception {
//        web.ignoring().antMatchers("/login.html","/assets/**","/dist/**","deny.html");
//    }
//
}
